graylog

原创

great_yonchin 2019-03-06 14:04:59 ©著作权

文章标签 graylog 文章分类 运维

©著作权归作者所有：来自51CTO博客作者great_yonchin的原创作品，请联系作者获取转载授权，否则将追究法律责任

graylog master 安装：

cat > docker-compose.yml <<EOF
version: '2'
services:
  
  fluentd:
    image: registry.umarkcloud.com/fluentd:v1.2.5-output-udp-beats
    container_name: fluentd
    volumes:
      - ./fluent.conf:/fluentd/etc/fluent.conf
    ports:
      - 24224:24224
      - 5044:5044

  mongo:
    image: registry.umarkcloud.com/bitnami/mongodb:3.6.6
    container_name: mongo
    restart: unless-stopped
    ports:
      - 27017:27017
    volumes:
      - /data/mongo:/bitnami/mongodb

  graylog:
    #image: registry.umarkcloud.com/graylog/graylog:2.4.6-1
    image: registry.umarkcloud.com/graylog/graylog:2.5
    container_name: graylog
    restart: unless-stopped
    #network_mode: host
    environment:
      - GRAYLOG_IS_MASTER=true
      - GRAYLOG_REST_LISTEN_URI=http://0.0.0.0:9000/api
      - GRAYLOG_WEB_ENDPOINT_URI=http://0.0.0.0:9000/api
      - GRAYLOG_ELASTICSEARCH_HOSTS=http://172.17.0.28:9200
      - GRAYLOG_MONGODB_URI=mongodb://mongo:27017/graylog
      - GRAYLOG_SERVER_JAVA_OPTS=-Xms4g -Xmx4g -XX:NewRatio=1 -XX:MaxMetaspaceSize=256m -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow
      - TZ=Asia/Shanghai
      - GRAYLOG_ELASTICSEARCH_DISCOVERY_ENABLED=false
    ports:
      - 9000:9000
      - 5555:5555
#      - 5044:5044
    volumes:
      - ./graylog.conf:/usr/share/graylog/data/config/graylog.conf
      - ./jar/dingding-alert-2.1.2-SNAPSHOT.jar:/usr/share/graylog/plugin/dingding-alert-2.1.2-SNAPSHOT.jar
      - ./jar/original-dingding-alert-2.1.2-SNAPSHOT.jar:/usr/share/graylog/plugin/original-dingding-alert-2.1.2-SNAPSHOT.jar

EOF

cat > graylog.conf <<EOF
is_master = true
node_id_file = /usr/share/graylog/data/config/node-id
password_secret = replacethiswithyourownsecret!
root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
root_timezone = Asia/Shanghai
plugin_dir = /usr/share/graylog/plugin
rest_listen_uri = http://0.0.0.0:9000/api/
rest_thread_pool_size = 8
web_listen_uri = http://0.0.0.0:9000/
web_thread_pool_size = 16
elasticsearch_hosts = http://elasticsearch1:9200
elasticsearch_compression_enabled = true
allow_leading_wildcard_searches = false
allow_highlighting = false
output_batch_size = 2000
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /usr/share/graylog/data/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://mongo/graylog
mongodb_max_connections = 100
mongodb_threads_allowed_to_block_multiplier = 5
transport_email_enabled = true
transport_email_hostname = smtp.163.com
transport_email_port = 25
transport_email_use_auth = true
transport_email_use_ssl = false
transport_email_auth_username = 15201702756@163.com
transport_email_auth_password = zhang123
transport_email_subject_prefix = [graylog]
transport_email_from_email = graylog@example.com
content_packs_loader_enabled = true
content_packs_dir = /usr/share/graylog/data/contentpacks
content_packs_auto_load = grok-patterns.json
proxied_requests_thread_pool_size = 32

EOF

 cat > fluent.conf <<EOF
<source>
  @type forward
  bind 0.0.0.0
  port 24224
</source>

<source>
  @type beats
  metadata_as_tag
</source>

<match **>
  @type tagged_udp
  host graylog
  port 5555
</match>

EOF

graylog slave安装:

cat > docker-compose.yml <<EOF
version: '2'
services:
  graylog:
    #image: registry.umarkcloud.com/graylog/graylog:2.4.6-1
    image: registry.umarkcloud.com/graylog/graylog:2.5
    container_name: graylog
    restart: unless-stopped
    network_mode: host
    environment:
      - GRAYLOG_IS_MASTER=false
      - GRAYLOG_WEB_ENABLE=false
      - GRAYLOG_REST_LISTEN_URI=http://0.0.0.0:9000/api
      - GRAYLOG_WEB_ENDPOINT_URI=http://0.0.0.0:9000/api
      - GRAYLOG_ELASTICSEARCH_HOSTS=http://172.17.0.28:9200
      - GRAYLOG_MONGODB_URI=mongodb://172.17.0.46:27017/graylog
      - GRAYLOG_SERVER_JAVA_OPTS=-Xms2g -Xmx2g -XX:NewRatio=1 -XX:MaxMetaspaceSize=256m -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow
      - TZ=Asia/Shanghai
    ports:
      - 9000:9000
      - 5555:5555
#      - 5044:5044
    volumes:
      - ./graylog.conf:/usr/share/graylog/data/config/graylog.conf
      - ./jar/dingding-alert-2.1.2-SNAPSHOT.jar:/usr/share/graylog/plugin/dingding-alert-2.1.2-SNAPSHOT.jar
      - ./jar/original-dingding-alert-2.1.2-SNAPSHOT.jar:/usr/share/graylog/plugin/original-dingding-alert-2.1.2-SNAPSHOT.jar

EOF